stmux
Enthusiast
Enthusiast

Can not logon to vCenter Webservice

Jump to solution

ESXi 5.1.0, 1117900

vCenter Server 5.1.0, 1123961

I installed vCenter Server with Single Server Sign-on and all went well until I tried to logon to the Web Service.  No matter what I tried I could not logon, except after installing the Microsoft Session Authentication.  I can successfully logon with Windows Authentication, but not with vCenter Authentication.  During setup the Username was grayed out with admin@Service-Domain.  My domain is spatialhaze.com, so I have been using admin@spatialhaze.com and the password I set with no success.  Any guidance would be appreciated.

TIA,

stmux

0 Kudos
1 Solution

Accepted Solutions
a_nut_in
Expert
Expert

http://pubs.vmware.com/vsphere-51/topic/com.vmware.vsphere.install.doc/GUID-6BDE5582-DFCD-4D2D-BD09-...

<snip>

By default, the user admin@System-Domain can log in to the vSphere Web Client and vCenter Server

</snip>

Here the username is "admin@system-domain" which is the default user account for SSO/Single Sign On

Do remember to mark my post as "helpful" or "correct" if I've helped resolve or answer your query!

View solution in original post

0 Kudos
8 Replies
a_nut_in
Expert
Expert

Hi Stmux,

Not sure if I get this correctly:

except after installing the Microsoft Session Authentication.  I can successfully logon with Windows Authentication, but not with vCenter Authentication.  During setup the Username was grayed out with admin@Service-Domain.  My domain is spatialhaze.com, so I have been using admin@spatialhaze.com and the password I set with no success.

  1. What do you mean Microsoft Session Authentication? Do you mean adding the Identity Sources to SSO?
  2. Again What do you mean Windows Authentication and vCenter Authentication?
  3. admin@system-domain is the default SSO superadmin account and cannot be changed. This allows you to connect to SSO and add other AD and Local accounts
  4. I don't think SSO is picking up the domain

Can you try logging into the SSO server with the admin@system-domain and then add the spatialhaze.com following the blog post below?

Adding AD authentication to VMware SSO 5.1 - Gabes Virtual World

Regards

a

Do remember to mark my post as "helpful" or "correct" if I've helped resolve or answer your query!
0 Kudos
stmux
Enthusiast
Enthusiast

<<What do you mean Microsoft Session Authentication? Do you mean adding the Identity Sources to SSO?>>

On the main vCenter Web Client logon page there are two windows, one for Username and one for Password.  Below those windows is a check box and next to the check box it says, "Use Windows Session Authentication," which is a link.  Clicking on this link downloads a plug-in and when installed and the checkbox is checked, the Username ad Password windows get grayed out and I am able to logon to vCenter Server using Windows AD Authentication.  However, with the box unchecked and I enter admin@spatialhaze.com in the Username window and the correct Password I entered when setting SSO up, I can not login.  That is what I referred to as vCenter Authentication.

I went to the link you left and followed the instructions, except by logging on using Windows AD Authentication and when I go to Administration there is nothing under  Single Sign-on Discovery.

Thank you for your assistance,

stmux

0 Kudos
a_p_
Leadership
Leadership

Did you try to login using admin@system-domain (not admin@service-domain)?

André

0 Kudos
a_nut_in
Expert
Expert

Hmm...

Clicking on this link downloads a plug-in and when installed and the checkbox is checked, the Username ad Password windows get grayed out and I am able to logon to vCenter Server using Windows AD Authentication.  However, with the box unchecked and I enter admin@spatialhaze.com in the Username window and the correct Password I entered when setting SSO up, I can not login.

I think what is happening is you are logged in with a local account (not a domain account?) or vice versa! Try this

  1. On the web client, type the username as admin@system-domain. Enter the password you had provided during setup/install
  2. On the left pane you have Single Sign on Configuration. Click that
  3. Browse to Administration > Sign-On and Discovery > Configuration in the vSphere Web Client.
  4. Open the Edit Identity Source by right-clicking on the dialog of the Identity Source you want to edit/add
  5. Add the identity source for your domain

Regards

a

Do remember to mark my post as "helpful" or "correct" if I've helped resolve or answer your query!
0 Kudos
stmux
Enthusiast
Enthusiast

I am a bit confused.  If system-domain is spatialhaze.com, what would the service-domain be?  Is that the local domain or server name, ie, SVR2012-2?

stmux

0 Kudos
a_p_
Leadership
Leadership

As mentioned earlier by , the "admin@system-domain" account is the default administrator account for SSO and is not related to your AD domain. I'm not sure where you saw the "service-domain" though.

André

0 Kudos
a_nut_in
Expert
Expert

http://pubs.vmware.com/vsphere-51/topic/com.vmware.vsphere.install.doc/GUID-6BDE5582-DFCD-4D2D-BD09-...

<snip>

By default, the user admin@System-Domain can log in to the vSphere Web Client and vCenter Server

</snip>

Here the username is "admin@system-domain" which is the default user account for SSO/Single Sign On

Do remember to mark my post as "helpful" or "correct" if I've helped resolve or answer your query!

View solution in original post

0 Kudos
stmux
Enthusiast
Enthusiast

Ok, my brain was thinking inside the box. Meaning that system-domain represented the actual Windows Domain Name.  But alas, it is a trick question, where system-domain actually means, system-domain.   Putting admin@system-domain in the Username window logged in just fine.  Feeling a bit less that bright right now : )

Thank you for all your help,

stmux

0 Kudos